
CISA Releases Thorium for Automated Malware Analysis

📰 1 unique source, 1 article

Summary


The Cybersecurity and Infrastructure Security Agency (CISA) and Sandia National Laboratories have released Thorium, an automated, scalable malware and forensic analysis platform. Thorium integrates commercial, custom, and open-source analysis tools to enable rapid assessment of malware threats and unified forensic analysis results. The platform aims to address the increasing volume and complexity of advanced persistent threats that use malware. Thorium allows cyber defenders to integrate preferred tools into a single platform, orchestrate customized and automated analysis workflows, and quickly analyze large amounts of malware. The platform can ingest over 10 million files per hour per permission group and schedule over 1,700 jobs per second while keeping queries for results fast. The release of Thorium underscores CISA's commitment to providing scalable cybersecurity resources to government and critical infrastructure entities, empowering the broader cybersecurity community to share insights and knowledge.

Timeline

  1. 31.07.2025 15:00 📰 1 article

    CISA and Sandia National Laboratories Release Thorium for Malware Analysis

    CISA and Sandia National Laboratories have released Thorium, an automated, scalable malware and forensic analysis platform. The platform integrates commercial, custom, and open-source analysis tools to enable rapid assessment of malware threats and unified forensic analysis results. Thorium can ingest over 10 million files per hour per permission group and schedule over 1,700 jobs per second while keeping queries for results fast. The platform supports the integration of various tools and uses Kubernetes and ScyllaDB to scale with hardware and meet workload requirements.


Information Snippets

  • Thorium is an automated, scalable malware and forensic analysis platform developed by CISA and Sandia National Laboratories.

    First reported: 31.07.2025 15:00
    📰 1 source, 1 article
  • The platform integrates commercial, custom, and open-source analysis tools to enable rapid assessment of malware threats.

    First reported: 31.07.2025 15:00
    📰 1 source, 1 article
  • Thorium can ingest over 10 million files per hour per permission group and schedule over 1,700 jobs per second.

    First reported: 31.07.2025 15:00
    📰 1 source, 1 article
  • The platform allows cyber defenders to integrate preferred tools into a single platform, orchestrate customized and automated analysis workflows, and quickly analyze large amounts of malware.

    First reported: 31.07.2025 15:00
    📰 1 source, 1 article
  • Thorium supports the integration of command-line tools as Docker images, virtual machine tools, and bare-metal tools.

    First reported: 31.07.2025 15:00
    📰 1 source, 1 article
  • The platform uses Kubernetes and ScyllaDB to scale with hardware and meet workload requirements.

    First reported: 31.07.2025 15:00
    📰 1 source, 1 article